1. 11 Jun, 2002 1 commit
  2. 05 Apr, 2002 2 commits
    • Added SSL to capture (enabled with -DWITHSSL) · 2e536ba3
      Chad Barb authored
      To tip (or tiptunnel on a normal ACL), capture behaves the same.
      However, if a client connects and presents "USESSL" as the first six characters of their
      connection key, both sides initiate SSL negotiation.
      The server then attempts to get the key again. The second one is used for the check.
      
      SSL initialization is done on the first attempt by a client to connect via SSL.
      Capture assumes $(prefix)/etc/capture/cert.pem contains its certificate unless
      the '-c <certfile>' option is used. If the certificate is not found or is invalid, that
      connection fails, but normal connections will still succeed (and it will try to find the file
      again the next time an SSL connection is attempted).
      
      On the client side, tiptunnel only uses SSL if there is an "ssl-server-cert:"
      property in the ACL file. This is the SHA hash of the certificate that the capture server is
      expected to have (in hex). If the certificate presented by the server does not hash to the
      same value, the connection is dropped.
    • · 86c3a23a
      Chad Barb authored
      Added "fakie telnet" to tunnel; tells client to not act stupid (no local echo and no line-at-a-time,)
      and filters out client telnet replies so they don't blow the server's mind.
  3. 02 Apr, 2002 1 commit
    • · b05398fe
      Chad Barb authored
      Tiptunnel can now take "ssl-server-cert:" property from the ACL file,
      which is a SHA hash of the expected server certificate.
      
      (this is used to verify the server's identity,
      thus precluding man-in-the-middle attacks.)
      
      If no "ssl-server-cert:" is in the ACL,
      it will revert to using a normal TCP connection.
      
      In this version, authentication is still the same (even over SSL.)
      (next step: add SSL to capture server.)
  4. 29 Mar, 2002 1 commit
    • The tip tunnel.. · 025a6441
      Chad Barb authored
      Essentially tip, but instead of presenting a tty, it opens a tunnel port that (for instance)
      telnet can talk to. Example (on credit):
      
      tiptunnel /var/log/tiplogs/pc1.acl telnet
      
      Will open up a local port then fork/exec telnet with "localhost" and the tunnel port number as arguments.
      (Functionally equivalent to "tip pc1", only with telnet escape sequences)
      
      A later version of this program is what users will likely download for the quick-tip-through-the-web scheme.
      (next step: SSL)
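The "ssl-server-cert:" check described in commits b05398fe and 2e536ba3, sketched as an added example; this is not code from tiptunnel or capture. It assumes the ACL is a list of "name: value" lines, that "SHA" means SHA-1 over the DER-encoded certificate, and that the other property names and the sample data are constructed.

```python
import hashlib
import hmac

PIN_KEY = "ssl-server-cert"  # property name taken from the commit messages

# Constructed sample data: stand-in bytes for a DER certificate and an ACL
# whose other property names (host, port) are hypothetical.
SAMPLE_CERT_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_ACL = (
    "host: console.example\n"
    "port: 2300\n"
    f"{PIN_KEY}: {hashlib.sha1(SAMPLE_CERT_DER).hexdigest()}\n"
)


def parse_acl(text):
    """Parse 'name: value' lines (assumed ACL layout) into a dict."""
    props = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            props[name.strip()] = value.strip()
    return props


def expected_pin(props):
    """Return the pinned digest as bytes, or None when the ACL has no pin."""
    value = props.get(PIN_KEY)
    if value is None:
        return None
    pin = bytes.fromhex(value)  # ValueError on malformed hex
    if len(pin) != hashlib.sha1().digest_size:
        # Fail closed: a damaged pin must not look like "no pin" and
        # silently downgrade the session to plain TCP.
        raise ValueError("ssl-server-cert is not a SHA-1 digest")
    return pin


def choose_transport(props):
    """'ssl' when the ACL carries a pin, otherwise the plain-TCP fallback."""
    return "tcp" if expected_pin(props) is None else "ssl"


def server_cert_ok(props, cert_der):
    """Compare the presented certificate's digest with the pinned one."""
    pin = expected_pin(props)
    if pin is None:
        return False  # nothing to verify against
    return hmac.compare_digest(hashlib.sha1(cert_der).digest(), pin)
```

With Python's `ssl` module, `cert_der` would be the value returned by `SSLSocket.getpeercert(binary_form=True)` after the handshake.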